All news with #mfa tag

Cybersecurity Awareness Month 2025: Move Beyond Passwords

🔐 October's Cybersecurity Awareness Month reminds users that passwords alone no longer provide reliable protection. Adopt MFA wherever possible—prefer authenticator apps or hardware security keys over SMS—and consider emerging passwordless options such as passkeys. Organizations should enforce strong authentication to protect systems, customers and reputation. Watch ESET's video with Tony Anscombe for practical guidance.

How to Respond After Clicking a Suspicious Link Safely

⚠ If you clicked a suspicious link, stay calm and act promptly. For work devices, contact IT immediately and follow their instructions. For personal devices, close the browser and check for unexpected downloads; if you entered credentials, change passwords and enable MFA; if financial data was entered, contact your bank; if a file was downloaded, disconnect, run a full scan, and consider restoring from a clean backup. Monitor accounts and report phishing attempts.

New Chinese Group Hijacks IIS Servers for SEO Fraud

🔍 Cisco Talos warns a Chinese‑speaking threat group tracked as UAT-8099 is actively compromising misconfigured Microsoft IIS servers to run SEO fraud and harvest high-value data. The actors favor high-reputation domains in universities, technology firms, and telecom providers across India, Thailand, Vietnam, Canada and Brazil to reduce detection. They exploit unrestricted file uploads to install web shells, escalate a guest account to admin, enable RDP and deploy the BadIIS SEO malware, then persist with hidden accounts and VPN/backdoor tools. Talos has published indicators and mitigation guidance, including blocking script execution in upload folders, disabling RDP and enabling MFA.

Cl0p-linked Extortion Targets Oracle E-Business Suite

🔒 Researchers at Halcyon, Google, and Mandiant report an extortion campaign attributed to actors likely affiliated with the Cl0p gang, targeting Oracle E‑Business Suite (EBS) via exposed local login pages. Attackers allegedly abused the AppsLocalLogin.jsp password‑reset workflow to obtain local credentials that bypass SSO and often lack MFA, then sent executive extortion demands with proof samples. Demands range into seven and eight figures, reportedly up to $50 million; defenders are advised to restrict public EBS access, enforce MFA, and review logs immediately.

Service Desk as Attack Vector: Defend with Workflows

🔐 The service desk is now a primary enterprise perimeter for attackers, with social-engineering groups like Scattered Spider converting routine requests into broad access — as seen in high-impact incidents such as MGM Resorts and Clorox. Training matters but is not enough; verification must be a security-owned, auditable workflow rather than an agent’s discretionary call. Implement mandatory controls so agents never view credentials, apply role-based verification depths, and use points-based contingency checks when MFA fails. Integrate the flow with ITSM so tickets launch verification automatically, returning results and telemetry for alerting and audit.

Phishing and Patching: Cyber Basics Still Critical

🔐 Fortinet’s 2025 Global Threat Landscape Report underscores that two fundamentals — protecting against phishing and keeping software up to date — remain the most effective defenses. Attackers are scaling campaigns with automation and generative AI to produce more convincing messages, and they combine email, SMS, and voice techniques to raise success rates. Organizations should strengthen employee training, deploy MFA, and adopt centralized or automated patch management to reduce exposure and limit lateral movement.

Case for Multidomain Visibility and Unified Response in SOCs

🔍 The 2025 Unit 42 Global Incident Response Report shows that 84% of investigated incidents involved activity across multiple attack fronts and 70% spanned at least three vectors, underscoring coordinated, multidomain campaigns. Attackers move laterally across cloud, SaaS, IT and OT, exploiting identities, misconfigurations and vulnerabilities. The report recommends unified telemetry, AI-driven behavioral analytics and stronger identity controls to improve detection and accelerate response.

Manufacturing Disruptions from Targeted Cyberattacks

⚠️Recent cyberattacks forced production halts at Jaguar Land Rover and Asahi, underscoring that operational disruption is now a primary objective for threat actors. JLR paused production after an August 31 compromise attributed to the Scattered Lapsus$ Hunters group, reportedly using vishing to obtain credentials, while Asahi halted orders and shipments following a systems failure. Experts emphasize that attackers exploit phishing, unpatched systems, and supply‑chain weaknesses, and urge layered defenses such as zero trust, MFA, PAM, micro‑segmentation, continuous monitoring, and air‑gapped backups to preserve business continuity.

VMware flaws allow username enumeration, patches released

🛡️ Three important vulnerabilities were disclosed in VMware products, including two in NSX that allow unauthenticated username enumeration and one in vCenter that permits SMTP header manipulation by authenticated non‑admin users with scheduled task privileges. The U.S. National Security Agency discovered two of the issues and all three are rated Important. VMware has released patches to address the flaws. Organizations are urged to apply updates immediately, avoid exposing vCenter to the internet, enforce multi‑factor authentication, change default credentials, and deploy layered protections such as web application firewalls and brute‑force detection controls.

Medusa Ransomware Tried to Recruit BBC Journalist Insider

🧑‍💻 Threat actors claiming to represent Medusa contacted BBC cybersecurity correspondent Joe Tidy via Signal in July, offering him a cut of any ransom in exchange for providing access to BBC systems. They initially offered 15% of the paid ransom, later adding an extra 10% and even proposing 0.5 BTC placed in escrow. When Tidy hesitated, the actors launched MFA bombing attempts; he alerted the BBC security team and was disconnected from corporate systems as a precaution.

Security Hardening Essentials for Resource-Constrained SMBs

🔒 Security hardening boosts protection for organizations, especially SMBs, by reducing their attack surface without large additional investments. Key measures include strong authentication and authorization—enforcing strict passwords, multifactor authentication, least-privilege access and network access controls—alongside timely patching, data encryption and segmented, tested backups. Regular staff training, account audits and permission reviews complete a practical, low-cost defense posture.

UNC6040: Proactive Hardening for SaaS and Salesforce

🔒 Google Threat Intelligence Group (GTIG) tracks UNC6040, a financially motivated cluster that uses telephone-based social engineering to compromise SaaS environments, primarily targeting Salesforce. Operators trick users into authorizing malicious connected apps—often a fake Data Loader—to extract large datasets. The guidance prioritizes identity hardening, strict OAuth and API governance, device trust, and targeted logging and SIEM detections to identify rapid exfiltration and cross‑SaaS pivots.

Surge in SonicWall SSL VPN Attacks by Akira Actors

🔒 Security experts warn of a sharp increase in activity from Akira ransomware operators targeting SonicWall SSL VPN appliances, with intrusions traced to late July. Arctic Wolf links initial access to exploitation of CVE-2024-40766 and describes rapid credential harvesting that can enable access even to patched devices. Observed traces include hosting-provider-origin VPN logins, internal scanning, Impacket SMB activity and Active Directory discovery; organizations are advised to monitor hosting-related ASNs, block VPS/anonymizer logins and watch for SMB session patterns consistent with Impacket to detect and disrupt attacks early.

Cyber Risk Assessments: Making CISO Efforts Visible

🛡️ Cyber Risk Assessments enable CISOs to quantify enterprise cyber risk and demonstrate the impact of security work. They uncover vulnerabilities across infrastructure, networks and cloud data, helping teams prioritize remediation and allocate resources where they matter most. Assessments also support compliance with regulations such as GDPR and PCI DSS, delivering actionable reports that document progress for management.

Assessing Passkey Security: Benefits and Limitations

🔐 Passkeys replace passwords with public-key cryptography, keeping the private key on the user’s device while services retain only a public key. They prevent phishing, credential stuffing, and brute-force attacks, and are unlocked by local authentication such as biometrics or a PIN. FIDO research and high-profile moves by Microsoft and Aflac highlight improved convenience and reduced support costs, but device dependency, legacy compatibility, and implementation costs remain significant challenges.

PyPI warns users to reset credentials after phishing

🔒 The Python Software Foundation warns of a phishing campaign using a convincing fake PyPI site at pypi-mirror[.]org that asks users to 'verify their email address' and threatens account suspension. If you clicked the link and submitted credentials, change your password immediately, inspect your account's Security History, and report suspicious activity to security@pypi.org. Maintainers should avoid clicking links in unsolicited emails, use password managers that auto-fill only on matching domains, and enable phishing-resistant 2FA such as hardware security keys.

One Weak Password Topples 158-Year-Old Transport Firm

🔒 KNP Logistics Group, a 158-year-old UK transport firm, collapsed after the Akira ransomware group accessed an employee account by guessing a weak password. Attackers bypassed protections by targeting an internet-facing account without MFA, deployed ransomware across the estate, and destroyed backups, halting operations across 500 trucks and precipitating administration and 700 job losses. The incident underscores the urgent need for strong password policies, MFA, and isolated, tested backups.

GitHub Tightens npm Security: Mandatory 2FA, Token Limits

🔒 GitHub is implementing stronger defenses for the npm ecosystem after recent supply-chain attacks that compromised repositories and spread to package registries. The platform will require 2FA for local publishing, shorten token lifetimes to seven days, deprecate classic tokens and TOTP in favor of FIDO/WebAuth, and promote trusted publishing. Changes will roll out gradually with documentation and migration guides to reduce disruption.

Essential Security Tools Every Organization Should Deploy

🔐 Security leaders face a shifting threat landscape, tighter regulation, and increasing IT complexity, so a well-integrated toolset is essential. The article outlines 13 core solution categories — from XDR, MFA and IAM to DLP, CASB, backup/DR and AI‑SPM — and explains how each strengthens detection, access control, data protection and recovery. Emphasis is placed on integration, automation and real-time response to reduce manual verification and satisfy compliance and cyberinsurance requirements.

Experts Urge Updated Defenses Against Scattered Spider

🔐 Organizations should urgently update defenses to counter the Scattered Spider collective, experts warned at the Gartner Security & Risk Management Summit 2025. The group used social engineering, helpdesk vishing, and push notification fatigue to bypass MFA and abuse SSO, compromising accounts like Okta and stealing tokens from LastPass. Firms are advised to implement stronger identity protections, number-matching MFA, stricter password-reset procedures, and tighter third-party vendor monitoring to reduce exposure.